Blockchain hacks are on the rise, Cambridge IT security expert warns
- Susan G. Hall
- on Aug 26, 2022
Sumit ‘Sid’ Siddharth, the founder of Cambridge-based IT security firm The SecOps Group, explains how cybercriminals are exploiting the rise in cryptocurrency usage and what can be done about it.
Cybercriminals have quickly caught up with the latest security vulnerabilities and exploits, and with the exponential growth of cryptocurrencies, NFTs and other blockchain implementations, there has never been a better time for a cybercriminal to convert a vulnerability into easy and big money.
We see two different types of attacks involving cryptocurrencies. One of them is centered on the end user (victim) and the attack technique relies on social engineering tricks such as convincing a victim to send cryptocurrency to an attacker’s wallet.
The other type of hack we see is a bit more complicated and requires a deep understanding of blockchain smart contracts and related components, such as side chain, cross chain, wallets, understanding of various protocols, etc.
Within The SecOps Group, which currently offers security consulting services such as cloud security assessments and web and network pentests, we have now launched a blockchain smart contract security audit to help blockchain developers identify and fix security issues before they are exploited in the wild.
To break this down in simple terms, I will first explain what blockchain is, then discuss blockchain applications and some common issues.
Blockchain is a database of transaction records that is distributed, validated, and maintained around the world by a network of computers.
Instead of a single central authority such as a bank, a large community oversees the records in a blockchain, and no individual person has control over those records.
Blockchain is based on decentralized technologies. Together, these technologies work as a Peer-to-Peer (P2P) network.
Blockchain technology is used in many different industries. Annual blockchain spending will reach $16 billion by 2023, according to a recent study by CB Insights. The rate of technology adoption is increasing.
Nowadays, there are different blockchain platforms in the market and each platform uses its own technology. For example, the Ethereum platform uses the Solidity language, the Hyperledger platform uses the Go language, the EOS platform uses Node.js, the Multichain platform uses C++, the Corda platform uses the Java/Kotlin languages, etc.
The most famous cryptocurrency, Bitcoin (BTC), was developed on the Bitcoin platform. The Ether (ETH) cryptocurrency was developed on the Ethereum platform. The main blockchain applications are built on the Ethereum platform, which uses Solidity as the language to write code called a “smart contract”.
A smart contract audit is a thorough, methodical examination and analysis of the code of a smart contract that is used to interact with a cryptocurrency or blockchain.
This process is conducted to discover errors, issues and security vulnerabilities in the code in order to suggest improvements and ways to fix them. Typically, smart contract audits are necessary because most contracts deal with financial assets and/or valuables.
Here are some of the top attacks this year:
$7 Million Solana Wallet Attack – August 03, 2022
Solana is a blockchain-based platform. Many web3 applications are deployed on the Solana blockchain because it is cost effective in terms of deployment. Recently, a wallet-based hack was observed in the Solana blockchain. The root cause of the breach is unclear, but it appears to be due to a flaw in the wallet software used, which resulted in the private key and/or seed phrase being compromised. A private key is unique and links a user to their blockchain address.
A seed phrase is a fingerprint of all of a user’s blockchain assets that is used as a backup if a crypto wallet is lost. Over 7,000 wallets have been emptied of over $7 million worth of SOL tokens.
$625 Million Axie Infinity Ronin Bridge Attack – March 28, 2022
Ethereum is a blockchain-based platform. It is the first blockchain platform that uses smart contracts and it is the most trusted platform of all blockchain platforms.
The biggest crypto hack ever, measured in fiat dollars, came after hackers took control of the majority of the cryptographic keys securing the cross-chain bridge of the play-to-earn game Axie Infinity. Four of the nine keys were stolen when an Axie developer clicked on a fake job posting PDF.
$325 Million Attack on Wormhole Cross Chain Bridge – February 2, 2022
Wormhole is a Web 3.0 bridge based on the Ethereum and Solana blockchains, which uses an intermediate bridge to transfer tokens between two different networks. A blockchain bridge is a protocol linking two economically and technologically distinct blockchains to allow interactions between them. A hacker exploited smart contracts on the Solana-Ethereum bridge to mint and withdraw wrapped ether without posting collateral. The hack allowed the theft of a total of $320 million in Ethereum and Solana tokens. Wormhole has renamed its bridge portal and currently holds over $480 million, according to crypto data firm DeFi Llama.
Smart contract security audits have become important today because, as we can see, thousands of decentralized finance projects and NFT projects have been developed on blockchain technology, also known as web 3.0, so securing them is as important as building them.